Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Dissector Generator

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Behdad Forghani" <behdad.forghani@xxxxxxxxxxxxxx>
Date: Thu, 19 Feb 2009 19:15:24 -0500
Thank you for your quick responses. I see that TSN.1 and wsgd do what I had
planned to do. Especially, wsgd is available in source code. One less thing
to do :).

On another note, there is a problem with ASN.1, which is since it is only a
notation, no operation is possible. If you look at 3GPP TS 25.331, you will
see that a lot of comments in ASN.1 like:
-- Actual value RRC = IE value * 0.032 
The user needs to go and change the decoded value after running it through
an ASN.1 compiler. But, as you said ECN probably will let you get around
these by defining these at ECN types for each exception and then encode it
yourself. One only need to change the definition to ECN definition and write
the encodings.

Thanks for the replies. I am glad I asked.

Best Regards,
Behdad




-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Thursday, February 19, 2009 5:50 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Dissector Generator


On Feb 19, 2009, at 2:41 PM, Gerald Combs wrote:

> Behdad Forghani wrote:
>> I am thinking of developing a notation along with code generator and
>> Eclipse integration to specify protocol PDUs and then generate  
>> Wireshark
>> dissectors automatically, thus reducing the time to hand code  
>> dissectors
>> and errors. Before, I do that, I wanted to make sure that I am not
>> reinventing the wheel. Does such a tool already exist for non ASN.1
>> protocol messages?
>
> You might want to take a look at the NetPDL and TSN.1 notations:
>
>    http://www.nbee.org/doku.php?id=netpdl:index
>    http://www.protomatics.com/tsn1.html

Others have suggested the BinPAC language used by the Bro IDE:

	http://bro-ids.org/wiki/index.php/BinPAC

and I think Scapy was mentioned in this context (or maybe I stumbled  
across it):

	http://www.secdev.org/projects/scapy/

and somebody's worked on some code to do this with their own language:

	http://wsgd.free.fr/

or, heck, maybe use ASN.1 - ASN.1 isn't a protocol; the "A" stands for  
"Abstract", so it's a way to describe the "abstract syntax" of  
protocols, and you have to add the encoding rules to see what that  
turns into as a sequence of octets, and there's an Encoding Control  
Notation:

	http://en.wikipedia.org/wiki/Encoding_Control_Notation

to let you specify non-standard encodings.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube